Terraform auth0_connection potential issue

kkulakou · March 1, 2022, 2:44pm

I am using terraform to standup resources in Auth0.
https://registry.terraform.io/providers/alexkappa/auth0/latest/docs

I ran into an issue updating auth0_connection resource.
How to reproduce:

create auth0_connection resource with available enabled_clients.
update same recourse, but this time set enabled_clients to empty array.

Issue: The connection still have previous client enabled.
Here is my terraform resource block

resource "auth0_connection" "accelerate_test_user_connection" {
  name            = "name"
  strategy        = "auth0"
  enabled_clients = [] <=== this is the problem 
  options {
    brute_force_protection         = "true"
    enabled_database_customization = "false"
    custom_scripts = {
      # login = local.login_func
    }
    configuration = {
      auth0_oauth_url          = "<hidden>"
      authorization_server_url = "<hidden>"
      cc_audience              = "<hidden>"
      cc_grant_type            = "<hidden>"
      cc_client_id             = "import from variables"
      cc_client_secret         = "import from variables"
      scope                    = "my:scope"
    }
  }
}

Current script does not update connection and does not disable client.

Edit:
I did tried to remove enabled_clients all together, issue still persists.

rueben.tiow · March 2, 2022, 12:36am

Hi @kkulakou,

Thanks for reaching out to the Auth0 Community!

First, I noticed that your resource block did not reference the name of your Auth0 Connection.

In this case, could you please try using the assigning name to the name of your Auth0 Database connection?

Additionally, could you please remove the enabled_clients property from your resource block?

For example:

resource "auth0_connection" "terraform-express-user-db" {
  name     = "terraform-express-user-db"
  strategy = "auth0"
  options {
    password_policy        = "good"
    brute_force_protection = true
  }
}

Once that is complete, I believe you can update your Auth0 Connection and disable it for all applications.

Please let me know how this goes for you.

Thank you.

kkulakou · March 2, 2022, 3:56pm

Thank you for your feed back.
When you say I did not mention the name do you mean this line name = "name". If so, I have a proper name I just masked it for the demonstration purpose.

Also, I mentioned in my Edit that I did try to remove the enabled_clients = [] block and the issue persists.

When resources is been created it is been created with a proper flag. Only when resource is been updated, it does not actually remove connected clients.

I can provide terraform output for more information if needed.

kkulakou · March 2, 2022, 7:20pm

@rueben.tiow
I was using an incorrect provider.

rueben.tiow · March 2, 2022, 8:38pm

Hi @kkulakou,

Thanks for sharing your findings with the Community!

Ah yes, we’ve all been there! The provider should be something like the following:

provider "auth0" {
  version = ">= 0.27.1"
}

Have a great rest of your day, and please do not hesitate to reach out if you have any further questions.

Thank you.

system · March 17, 2022, 8:38pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.